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(57) There is provided a communfcation system 
capable of reducing the burden of the terminal that is 
connected to the Internet via the communication net- 
work such as the mobile telephone network, whose 
security is ensured, and is used to carry out the elec- 
tronic connmerce and the banking service. An encryp- 
tion communication request generating portion (101) of 
a client system (1 00) sends out a security request of a 
communication route to a gateway server unit (200), an 
encryption communication controlling portion (203) of 
the gateway server unit sets up encryption communica- 
tion between a content server unit (300) and the gate- 
way server unit in response to this, the content server 
unit encrypts data to be transmitted to the client system 
and then transmits it to the gateway server unit, and an 
encryption communication controlling portion of the 
gateway server unit decrypts this data and transmits it 
to the client system. Encryption/decryption processing 
systems are not needed in the client system and thus 
the burden can be reduced. 
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Description 

Technical Field " 

[0001] The present invention relates to a communi- 
cation system and a communication method in which a 
client and a server betong to different communication 
networl<s and communicate via gateway servers that 
relay the different communication networks and. more 
particularly, intends to reduce the burden of a client sys- 
tem in encryption communication. 

Baci<around Art 

[0002] In recent years, because of the advent of 
World Wide Web (referred to as "Web" hereinafter), var- 
ious services can be offered on the Internet. Especially, 
it is expected that the electronic commerce and the 
Internet banking service are spread much more in the 
future. 

[0003] In these services, insurance of the security 
is the absolute condition. However, furtive glance of the 
data can be relatively easily carried out in the present 
Internet. In particular, since normally the data are trans- 
mitted/ received as the text without encryption in the 
Web, it is impossible to say that the security can be suf- 
ficiently ensured. 

[0004] Currently, the security is ensured on the 
Internet by using various public keys and the common 
keys, and digest of the data based on the iHash function. 
Especially, as the protocol for enabling the secure com- 
munication between the client and the server on the 
Web, SSL (Secure Sockets Layer) is widely employed. 
[0005] For example, in "Communication System, 
Message Processing Method, and Computer System" 
set forth in Patent Application Publication (KOKAI) Hei 
10-135942, an example of the message process com- 
munication system using the public key cipher is dis- 
closed. 

[0006] Meanwhile, in the prior art, the Internet is 
used on the personal computer (abbreviated as "PC" 
hereinafter) or the workstation (abbreviated as "WS" 
hereinafter). However, in recent years, the use on vari- 
ous equipments other than PC begins. For example, the 
mobile information terminal and the mobile telephone 
that can utilize the Web appear. 

[0007] These devices are small and portable. If 
these devices are connected to the Internet via the radio 
network such as the mobile telephone network, the 
electronic commence and the banking service using the 
Internet are available at any time in any place. 
[0008] However, normally these devices have a 
processing speed slower than the PC and small mem- 
ory capacity, and thus restrictions on the installed soft- 
wares are great. 

[0009] The encryption/decryption softwares and the 
SSL protocol necessary for the electronic commerce 
and the banking service using the Internet to ensure the 



security need complicated computation. Thus, the load" 
is heavy to perform the processes by the mobile infor- 
mation terminal whose processing ability is limited-" 
rather than the PC. There is such a possibility that the 

5 service cannot be offered smoothly. 

[0010] By the way, normally the data flowing 
through the mobile telephone network are encrypted. 
The encrypting and decrypting functions of the data are 
provided originally to the temriinal of the mobile tele- 

. 10 phone. 

[0011] In other words, unlike the Internet, the secu- 
rity is established as the communication network in the 
mobile telephone network. 

[0012] Therefore, for the temninal employed on the 
15 communication network in which the security is 
ensured, it may be considered as the extra process to 
execute the encryption and decryption processes nec- 
essary for transmission/reception of the data on the 
Internet in addition to the security offered by the com- 
20 munication network. 

[0013] The present Invention has been made in 
light of such problems, and it is an object of the present 
invention to provide a communication method capable 
of reducing the burden of the terminal device, that is 
25 connected to the Internet via the communication net- 
work such as the mobile telephone network, whose 
security is ensured, and used to can-y out the electronic 
commerce and the banking service, and a communica- 
tion system for embodying the communication method. 

30 

Disclosure of the Invention 

[0014] In a communication method of the present 
invention, in a communication that is carried out 

35 between a content server unit for managing content 
data and a client system located on a different commu- 
nication network from the content server unit via a gate- 
way server unit for relaying different communication 
networks, if security of communication between the cli- 

40 ent system and the gateway server unit is ensured, 
encryption of data is not performed in communication 
networks between the client system and the gateway 
server unit and the encryption of data is performed only 
by the communication by the communication networks 

45 between the gateway server unit and the content server 
unit, whose security is not ensured. 
[0015] Also, In a communication system for embod- 
ying this communication method, a data communicating 
means for transmitting/receiving data to/from the gate- 

50 way server unit, and an encryption communication 
requesting means for sending out a security request of 
communication between the client system and the con- 
tent server unit via the data communicating means are 
provided to a client system, and also a client data com- 

55 municating means for transmitting/ receiving the data 
to/from the client system, a server data communicating 
means for transmitting/receiving the data to/from the 
content sen/er unit, and an encryption communication 
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controlling means for performing setting process of 
encryption communication between the gateway sers/er 
unit and the content server unit in response to the secu- 
rity request from the client system via the server data 
communicating means and performing decryption of 5 
encrypted data received from the server data communi- 
cating means and encryption of the data to be output to 
the server data communicating means are provided to a 
gateway server unit. 

[001 6] Therefore, installing of the encryp- 
tion/decryption processing systems into the client sys- 
tem can be omitted while ensuring the security in all 
communication routes between the client system and 
the content server unit, and thus the burden or the client 
system can be reduced. 

[0017] According to a first aspect of the present 
invention, in a communication method which is carried 
out between a content server unit for managing content 
data and a client system located on a different commu- 
nication network from the content server unit via a gate- 
way server unit for relaying different communication 
networks, if security of communication between the cli- 
ent system and the gateway server unit is ensured, 
encryption of data is not performed in communication 
networks between the client system and the gateway 
server unit and the encryption of data is performed only 
by the communication by the communication networks 
between the gateway server unit and the content server 
unit, whose security is not ensured. Therefore, there is 
no necessity to set the encryption communication and 
install the processing system for decrypting the 
encrypted data into the client system, and thus the bur- 
den of the client system can be reduced. 
[0018] According to a second aspect or the present 
invention, the client system sends out a security request 
or a communication route to the gateway server unit, the 
gateway server unit sets up encryption communication 
between the content server unit and the gateway server 
unit in response to this, the content server unit encrypts 
data to be transmitted to the client system and then 
transmits it to the gateway server unit, and the gateway 
server unit decrypts the data and transmits it to the cli- 
ent system. Therefore, the data transmitted from the 
content server unit is encrypted and then transmitted 
securely. 

[0019] According to a third aspect of the present 
Invention, the client system sends out a security request 
of a communication route together with data transmis- 
sion to the gateway server unit, the gateway server unit 
sets up encryption communication between the content 
server unit and the gateway server unit in response to 
this, then encrypts the data, and then transmits it to the 
content server unit Therefore, the data transmitted from 
the gateway server unit to the content server unit is 
encrypted and then transmitted securely. 
[0020] According to a fourth aspect of the present 
invention, in a communication system in which commu- 
nication is carried out between a content server unit for 



managing content data and a client system located dn a. 
different communication network from the content 
server unit via a gateway server unit for relaying dilfer- 
ent communication networks, the client system and the 
gateway server unit are connected via a communication 
network whose security is ensured, a data communicat- 
ing means for transmitting/receiving data to/from the 
gateway server unit, and an encryption communication 
requesting means for sending out a security request of 
communication between the client system and the con- 
tent server unit via the data communicating means are 
provided to the client system, and also a client data 
communicating means for transmitting/receiving the 
data to/from the client system, a server data communi- 
cating means for transmitting/receiving the data to/from 
the content server unit, and an encryption communica- 
tion controlling means for performing setting process of 
encryption communication between the gateway server 
unit and the content server unit in response to the secu- 
rity request from the client system via the server data 
communicating means and performing decryption of 
encrypted data received from the server data communi- 
cating means and encryption of the data to be output to 
the server data communicating means are provided to 
the gateway server unit. Therefore, there is no necessity 
to set the encryption communication and install the 
processing system for decrypting the encrypted data 
into the client system, and thus the burden of the client 
system can be reduced. 

[0021] According to a fifth aspect of the present 
invention, a web protocol processing means for trans- 
mitting/receiving the data of World Wide Web to/from 
the gateway server unit via the data communicating 
means is provided to the client system, and also a web 
protocol processing means for transmitting/receiving 
the data of World Wide Web via the client data commu- 
nicating means and the server data communicating 
means is provided to the gateway server unit. There- 
fore, while ensuring the security of data transmission 
that uses the Web Protocol such as HTTP, the burden of 
the client system can be reduced. 

Brief Description of the Drawings 

[0022] 

FIG.1 Is a view showing a configuration of a com- 
munication system according to an embodiment of 
the present invention; 

FIG.2 is a flowchart showing an operation of a client 
system in the embodiment of the present invention; 
FIG.3 is a flowchart showing an operation of a gate- 
way server unit when it receives data from the client 
system in the embodiment of the present invention; 
FIG.4 is a flowchart showing an operation of the 
gateway server unit when rt receives data from a 
content server unit in the embodiment of the 
present invention; 
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FIG. 5 is an example of an encryption communica- 
tion request generated by an encryption communi- 
cation request generating portion of the client 
system: 

FIG. 6 is an example of a web page obtaining s 
request generated by a web protocol processing 
portion of the client system; and 
FIG.7 Is an example of a web response that the 
gateway server unit receives from the content 
server unit. io 

Best Mode for Carrying Out the Invention 

[0023] An embodiment of the present invention will 
be explained with reference to the drawings hereinafter is 
[0024] As shown in FIG.1 , this communication sys- 
tem comprises a client system 100 for executing the 
communication via the mobile telephone network 400, a 
gateway server unit 200 for relaying the mobile tele- 
phone network 400 as a different communication net- 20 
work and the Internet 500, and a content server unit 300 
connected to the gateway server unit 200 via the Inter- 
net 500. 

[0025] The client system 1 00 comprises an encryp- 
tion communication request generating portion 101 for 25 
generating the request that requests to transmit/receive 
the data securely between the client system 100 and 
the content server unit 300, a web protocol processing 
portion 102 for processing the Web transfer protocol 
HTTP (Hyper Text Transfer Protocol) employed com- 30 
monly among the client system 100, the gateway server 
unit 200 and the content server unit 300, a data commu- 
nication portion 103 for transmitting/receiving the data 
to/from the mobile telephone network 400. 
[0026] Also, the gateway server unit 200 comprises 35 
a client data communication portion 201 for transmit- 
ting/receiving the data to/from the mobile telephone net- 
work 400, a web protocol processing portion 202 for 
processing the Web transfer protocol HTTP employed 
commonly among the client system 100. the gateway 40 
server unit 200 and the content server unit 300. an 
encryption communication controlling portion 203 for 
establishing the encrypted secure communication 
between the gateway server unit 200 and the content 
server unit 300 in response to the request issued from 45 
the client system 100 to execute the encryption and the 
decryption of the data, and a server data communica- 
tion portion 204 for transmitting/receiving the data 
to/from the Internet 500. 

[0027] Also, the content server unit 300 comprises so 
a data communication portion 301 for transmit- 
ting/receiving the data to/from the Internet 500, an 
encryption communication controlling portion 302 for 
establishing the encrypted secure communication 
between the gateway server unit 200 and the content 55 
server unit 300 in response to the request issued from 
the gateway server unit 200 to execute the encryption 
and the decryption of the data, and a web protocol 



processing portion 303 for processing the Web transfei^ L : - 
protocol HTTP employed commonly among the client 
system 100, the gateway server unit 200 and the conV" 
tent server unit 300. 

[0028] If the client system 100 of the communica- 
tion system wishes the secure communication with the 
content server unit 300, it requests the encryption com- 
munication between the gateway server unit 200 and 
the content server unit 300 of the gateway server unit 
200 together with the output of the transmitted data. 
[0029] In response to this, the gateway server unit 
200 establishes the encryption communication between 
the gateway server unit 200 and the content server unit 
300, then encrypts the transmitted data, and then trans- 
mits the encrypted data to the content server unit 300. 
Also, the content server unit 300 encrypts the data to be 
transmitted to the client system 100, and then transmits 
the encrypted data to the gateway server unit 200. 
Then, gateway server unit 200 decrypts the encrypted 
data and then transmits the data to the client system 
100. 

[0030] FtG.2 shows flow of processes when the cli- 
ent system 1 00 of the communication system issues the 
request for establishment of the encryption communica- 
tion. 

Step 601: The encryption communication request 
generating portion 101 generates the encryption 
communication request. 

Step 602: The web protocol processing portion 102 
generates the web page obtaining request in the 
web protocol based on the encryption communica- 
tion request generated by the encryption communi- 
cation request generating portion 101. 
Step 603: The data communication portion 103 
transmits the web page obtaining request gener- 
ated by the web protocol processing portion 1 02 to 
the gateway server unit 200 via the mobile tele- 
phone network 400. 

FIG.3 shows flow of processes after the gate- 
way server unit 200 of this communication system 
receives the data transmitted from the client system 
100. 

Step 701 : When the client data communication por- 
tion 201 receive the data transmitted from the client 
system 100. it transmits the data to the web proto- 
col processing portion 202. 
Step 702: The web protocol processing portion 202 
analyzes the data received by the client data com- 
munication portion 201, 

Step 703: The web protocol processing portion 202 
decides whether or not this data is the web request 
containing the request for establishing the encryp- 
tion communication from the client system 100. If 
the data is the web request containing the request 
for establishing the encryption communication, the 
portion 202 starts the encryption communication 
controlling portion 203. 
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Step 704: The started encryption connmunication 
controlling portion 203 transmits the request for set- 
ting the encryption communication to the content 
server unit 300 via the server data communication 
portion 204. 

Step 705: The gateway server unit 200 executes 
the process for setting the encryption communica- 
tion with the content server unit 300. 
Step 706: The encryption communication control- 
ling portion 203 then encrypts the web page obtain- 
ing request being analyzed by the web protocol 
processing portion 202 in compliance with this set- 
ting, and then transmits the encrypted data to the 
server data communication portion 204. 
Step 707: The serwer data communication portion 
204 transmits the data, which is requested to trans- 
mit, to the content server unit 300 via the Internet 
500. 

Also, in step 703, if the analyzed data is the 
normal web request not containing the request for 
establishing the encryption communication, the 
process goes to step 707. The web protocol 
processing portion 202 transmits the web request 
to the server data communication portion 204 as it 
is. 

In the content server unit 300, the data commu- 
nication portion 301 receives the data transmitted 
from the Internet 500. If the data is encrypted, the 
encryption communication controlling portion 302 
decrypts the data and then the web protocol 
processing portion 303 executes the web transfer 
process. 

Also, in the case that the content server unit 
300 transmits the data requested by the client sys- 
tem 100, when the process for establishing the 
encryption communication between the gateway 
server unit 200 and the content server unit 300 is 
carried out, the encryption communication control- 
ling portion 302 encrypts the data and then the data 
communication portion 301 sends out the 
encrypted data to the Internet 500. 

FIG. 4 shows flow of succeeding processes 
when the gateway server unit 200 of this communi- 
cation system receives the data transmitted from 
the content server unit 300. 
Step 801: The server data communication portion 
204 receives the data from the content server unit 
300. 

Step 802: The server data communication portion 
204 decides whether or not the data received from 
the content server unit 300 is the encrypted data. If 
the data is the encrypted data, the server data com- 
munication portion 204 starts the encryption com- 
munication controlling portion 203. 
Step 803: The encryption communication control- 
ling portion 203 decrypts the encrypted data 
received by the server data communication portion 
204, and then transmits the received data to the 



web protocol processing portion 202. " . 

Step 804: The web protocol processing portion 20'2 
analyzes the received web response, and then 
transmits the analyzed web response to the-client 
5 data communication portion 201 . 

Step 805: The client data communication portion 
201 transmits the received web response to the cli- 
ent system 1 00 via the mobile telephone network 
400. 

10 Also, in step 802, if the data received from the 

content server unit 300 is not the encrypted data, 
the server data communication portion 204 trans- 
mits the received data to the web protocol process- 
ing portion 202, and then the processes in step 804 

15 and step 805 are carried out. 

[0031] FIG. 5 is an example of the encryption com- 
munication request generated by the encryption com- 
munication request generating portion 101 of the client 
20 system 100. The client system 1 00 requests the estab- 
lishment of the encryption communication by using a 
key word "https* in FIG.5. 

[0032] FIG. 6 is an example of the web page obtain- 
ing request generated by the web protocol processing 

25 portion 102 of the client system 100 based on the 
encryption communication request in FIG.5. The web 
page obtaining request in FIG. 6 is constructed by 
attaching several information required for the web proto- 
col as headers to the encryption communication 

30 request as a head portion. 

[0033] In this case, the key word for establishing the 
encryption communication is not limited to the example 
"https" in FIG.5. Any key word an-anged among the web 
protocols used in the client system 100, the gateway 

35 server unit 200, and the content server unit 300 may be 
employed. 

[0034] In addition, the keyword for establishing the 
encryption communication is not always positioned at 
the head line of the web page obtaining request, as 

40 shown in the example in FIG.6. For example, various 
parameters necessary for the establishment of the 
encryption communication may be set forth as the 
header other than the head of the request. 
[0035] FIG .7 Is an example of the web response 

45 Obtained by decrypting the encrypted data being trans- 
mitted from the content server unit 300 to the gateway 
server unit 200 when the gateway server unit 200 trans- 
mits the web page obtaining request In FIG.6 to the con* 
tent server unit 300. 

50 [0036] In this case, in the embodiment of the 
present invention, the mobile telephone network is used 
as the communication network in which the security 
between the client system 100 and the gateway server 
unit 200 is ensured. However, other communication net- 

55 works may be used if they are the communication net- 
work in which the security is ensured. The application of 
the present Invention is not limited to the mobile tele- 
phone network. 
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[0037] Furthermore, in the embodiment of the 
present invention, the client system 100, the gateway 
server unit 200, and the content server unit 300 commu- 
nicate with each other by using the web protocol 
(HTTP). However, the application of the present inven- 
tion is not limited to the HTTP. 

Industrial Applicability 

[0038] As apparent from the above explanation, in 
the communication method and the communication sys- 
tem of the present invention, the client system on the 
communication network in which the security is ensured 
can receive securely the data transmitted from the con- 
tent server unit by merely transmitting the encryption 
communication request to the gateway server. There- 
fore, there Is no necessity to Install the process systems 
for setting the encryption communication and decrypt- 
ing the encrypted data onto the client system. Thus, 
devices having the small memory capacity other than 
the PC can be employed as the client system. 
[0039] Also, not only the data received from the 
content server but also the data transmitted from the cli- 
ent system can be transmitted securely by using the 
encryption. 

[0040] In addition, in case the web protocol such as 
HTTP is employed, the client system on the communi- 
cation network in which the security is ensured can 
transmit^receive the data securely between the content 
server unit and the client system unless the process 
systems for setting the encryption communication and 
decrypting the encrypted web data are installed. 

Claims 

1. A communication method which is carried out 
between a content server unit for managing content 
data and a client system located on a different com- 
munication network from the content server unit via 
a gateway server unit for relaying different commu- 
nication networks, characterized in that, if security 
of communication between the client system and 
the gateway server unit is ensured, encryption of 
data is not performed in communication networks 
between the client system and the gateway server 
unit and the encryption of data is perfonned only by 
the communication by the communication networks 
between the gateway server unit and the content 
server unit, whose security is not ensured. 

2. A communication method according to claim 1, 
wherein the client system sends out a security 
request of a communication route to the gateway 
server unit, the gateway server unit sets up encryp- 
tion communication between the content server unit 
and the gateway server unit in response to this, the 
content server unit encrypts data to be transmitted 
to the client system and then transmits it to the 



15 



20 



30 



35 



40 



45 



50 



55 



gateway server unit, and the gateway server unit^ 
decrypts the data and transmits It to the client sys- • 
tem. 

A communication method according to claim 1, 
wherein the client system sends out a security 
request of a communication route together with 
data transmission to the gateway server unit, the 
gateway server unit sets up encryption communica- 
tion between the content server unit and the gate- 
way server unit in response to this, then encrypts 
the data, and then transmits it to the content server 
unit. 

A communication system in which communication 
is carried out between a content server unit for 
managing content data and a client system located 
on a different communication network from the con- 
tent server unit via a gateway server unit for relay- 
ing different communication networks, 
characterized in that the client system and the gate- 
way server unit are connected via a communication 
network whose security is ensured, 

the client system includes a data communicat- 
ing means for transmitting/receiving data 
to/from the gateway server unit, and an encryp- 
tion communication requesting means for 
sending out a security request of communica- 
tion between the client system and the content 
server unit via the data communfcating means, 
and 

the gateway server unit includes a client data 
communicating means for transmitting/receiv- 
ing the data to/from the client system, a server 
data communicating means for transmit- 
ting/receiving the data to/from the content 
server unit, and an encryption communication 
controlling means for performing setting proc- 
ess of encryption communication between the 
gateway server unit and the content server unit 
In response to the security request from the cli- 
ent system via the server data communicating 
means and performing decryption of encrypted 
data received from the server data communi- 
cating means and encryption of the data to be 
output to the server data communteating 
means. 

A communication system according to claim 4, 
wherein the client system includes a web protocol 
processing means for transmitting/receiving the 
data of World Wide Web to/from the gateway server 
unit via the data communicating means, and 

the gateway server unit includes a web protocol 
processing means for transmitting/receiving 
the data of World Wide Web via the client data 
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communicating means and the server data 
communicating means. 
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FIG. 4 
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GET hHps7/banksefver/balance.html HTTP/1.0 
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GET httpsy/banksetver/balance.html HTTP/1.0 
User-Agent: MobileClient 
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FIG. 7 



HnP/1.0 200OK 

Date: Mon. 14 Dec 1998 13:00:00 GMT 
Content-Length: 129 
Content-Type: text/html 

<HTML> 
<BODY> 
<CENTER> 

<H1> BAUNCE INQUIRY <n^^> 

14 Dec 13:00 PRESENT DEPOSIT BALANCE AMOUNT IS 

<BR> 

¥128,000 

</CENTER> 

</BODY> 

</HTML> 
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